SQL firewalls are newcomers to the world of content security and firewalls. Historically, most SQL firewalls have been internal solutions built on various firewall and proxy frameworks such as Windows Sockets (SOCKS). However, vendors have now shifted to appliance-based firewalls (firewalls packaged as standalone, hardware-based black boxes) because customers prefer plug-and-run security products that insert easily into the network. Here is a sampling of companies that offer SQL firewall products, including the company I work for:
Check Point VPN-1/FireWall-1 with OPSEC Certified Products
Check Point Software Technologies
OPSEC content (and database) extensions
Check Point VPN-1/FireWall-1 can intercept, inspect, and validate SQL database-access requests and content flowing to an SQL database. The product is part of the company's Open Platform for Security (OPSEC) program, which helps multivendor partners build integrated firewall extensions to monitor database activity that crosses the firewall and to perform other security-authorization tasks.
SQL-Guard is an appliance that you can deploy as an SQL firewall as well as a nonblocking monitoring solution (an SQL Intrusion Detection System—IDS).
This free, open-source beta software, downloadable from the Internet, is a network-protocol analyzer for UNIX and Windows that includes dissectors that can extract SQL for most SQL dialects from network packets. Developers can use these dissectors with a SOCKS filter framework to build a custom SQL firewall that has simple capabilities.